Have you ever been caught off guard by an unexpected question, comment, or remark in a social, academic, or business setting? Most likely, you have. And you probably wished you had more time to prepare a more suitable, fitting, or witty response. Instead of being given time to act strategically, you were forced to react tactically. Not surprisingly, the results are often far from ideal.
If we step back and consider this concept, there is an important security lesson here. Security organizations are better equipped to secure the enterprises they defend when they are given a chance to act strategically rather than react tactically. When it comes to application security, this means involving the security team and building security earlier in the software development lifecycle.
In recent years, most security practitioners have been carefully watching the AI hype cycle. Indeed, the explosion of AI onto the scene brought with it many unresolved questions around governance, risk, and compliance. While security practitioners considered these questions strategically, they were left wondering why, if AI was such a hot topic, they weren't seeing it affect their operational lives very much.
Recently, one reason for this disconnect has become clear. As is all too familiar in the security field, security seems to have been an afterthought in many instances. While there are exceptions, in many enterprises, security was not in the loop with application owners, development teams, and others experimenting with AI use cases. Not surprisingly, when some of these AI use cases demonstrated value, enterprises began moving them to production. This has been happening more frequently in recent months, and unfortunately, the security team has often not been involved.
Being caught by surprise is far from ideal, yet it seems to be a way of life for security professionals. Given that, how can security teams prepare for potentially being blindsided by AI applications that move into production and need securing in a hurry?
While there are many approaches, here are several that have proven helpful to enterprises:
Data-Driven Discussions
Most security teams do not have as strong a relationship with application owners and development teams as they would like. They also recognize that improving this relationship is key to involving security earlier in the software development lifecycle. However, improving this relationship is not simple. Using real data to drive these discussions can help. Approaching application owners and development teams with esoteric risk ideas and generalized threat data won't motivate them. Instead, try using specific numbers around potential monetary loss, brand reputation damage, or other risks, along with specific vulnerability data, sensitive data exposures, or other threats. This is far more likely to catalyze productive discussions that pave the way for improving these important relationships, thereby enabling security teams to get involved in the software development lifecycle of AI applications much sooner.
Agility
It is no secret that modern enterprise environments are far more complex than they used to be. The on-premises world was relatively straightforward compared with today's hybrid and multi-cloud world. While this evolution has brought numerous advantages—most notably the ability to bring features and improvements to market more quickly—it has created more than a few security challenges. Some of these challenges include enforcing security policy, implementing preventive and detective controls, investigating incidents, and responding to and mitigating those incidents. All of these factors make securing AI applications that blindside us far more challenging. Security agility is key. Security teams must prepare themselves to operate in this type of environment. Simplifying complexity becomes a necessary tool when it comes to defending AI applications.
Operational Workflow
If the security operations workflow is sufficiently robust and mature, it becomes easier to integrate new data, events, alerts, and other information from AI applications. This greatly improves the security team's ability to bring AI applications and their accompanying data into the operational workflow quickly. It may require effort and resources to ensure the security operations workflow is ready for the AI era, but the investment is well worth it. This is another way security organizations can prepare for when AI applications are thrust upon them suddenly.
Future-Proofing
With all the hype, buzz, and fear around AI, it's worth remembering that while AI applications have some AI-specific components, large portions of these applications are built on top of existing application and API technology stacks. Consequently, much of the security needed to properly secure AI applications already exists in current application and API security stacks. What we need to do is ensure that these stacks are future-proofed to the best extent possible. If we do this properly, we can simply 'turn on' or integrate new AI-layer-specific security measures that our existing security layers don't provide. Starting over and building AI security from the ground up takes far too long, particularly when we find ourselves in reactive mode.
Proactivity
With our teeth, our health, and our bodies, being proactive and practicing good hygiene is far easier and more successful than being reactive when a problem arises. The same holds true for securing our applications. Good security hygiene is a must, and an important part of this hygiene is continuous scanning of application security, API security, and AI security layers. This enables us to identify and mitigate risks, vulnerabilities, exposures of sensitive data, and other issues before they become more serious problems. When a robust and mature proactive security hygiene routine exists, it is much easier to integrate new, fast-emerging AI applications into that routine. This is another important strategy to help security teams cope with AI applications being thrust upon them with little warning.
Contextual Awareness
The AI layer requires unique security capabilities above and beyond what we already have at the application and API layers. In addition to continuously and proactively identifying security issues, we must also be prepared to identify and respond to runtime security issues. Doing so requires a tremendous amount of contextual awareness, which in turn requires specialized technological capabilities that can parse and analyze the AI layer in context and use that understanding to identify attacks, abuse, fraud, DDoS, and other issues in near real time. This contextual awareness is extremely important for security teams as they confront AI applications on short notice, providing them with the resources necessary to defend against attacks at the AI layer.
Security teams are bound to be blindsided by AI applications moving from experimentation into production. However, by taking several important strategic steps, such as data-driven discussions, agility, operational workflow maturity, future-proofing, proactivity, and contextual awareness, security organizations can greatly improve their ability to respond quickly, nimbly, and appropriately. While this state of affairs is far from ideal, these measures help security teams shift from tactical reactions to strategic readiness in the ever-evolving AI landscape.
Source: SecurityWeek News